In WooCommerce 3.4, a privacy policy snippet will be added in the checkout page, not a checkbox, as you can see below.

While this might be enough to comply with the GDPR requirements, some of you might want to go further, to be extra safe, and add another checkbox, in order for the users to check, if they agree with your privacy policy.

The functions.php file is usually found in /public_html/wp-content/themes/YOURTHEMENAME-child/functions.php. This is for your primary domain.

If you want to edit the file of an add-on domain that’s found on the same hosting account, you’ll most likely have to go here: /public_html/YOURDOMAIN.COM/wp-content/themes/YOURTHEMENAME-child/functions.php.

This might differ from web host to web host.

I recommend backing up the functions.php file or the whole website before making any changes, and I also recommend having a child theme in place.

Once you’ve opened the functions.php file for editing, add the below code at the very bottom, or right before ?> (if there’s any).

I reckon that, because it’s a required field, getting past this page implies consent. So the fact that order details are saved to your database mean the user has accepted your privacy policy. Unless you intend to use this data for anything other than processing this order I believe this should be enough.

If you are worried about offering the option to let users withdraw their consent, I don’t think it is even possible when the order is already processed. You cannot undo the processing and you may by law be required to keep this data (for instance Dutch administration requires me to keep the invoice I sent for 7 years).

The only case where I think it might be an issue is if the order is not completely processed and remains on pending. But in that case you can just remove this order (or change the personal data to some fake info in order to keep your stats). I’m not a lawyer though 🙂

John, maybe he wants to get a consent to do marketing. According to the GDPR you need that on the checkout page if you want to send your newsletter to the customer. That needs be optional, so the customer will not refuse to order just because you force him to register on the mailing list. Also you need to prove this consent later, so it has to be stored like he wrote.